5 BulletProof Ways in Securing Your Web Browser Against Cyberattacks

Securing your web browser against cyberattacks is a priority because modern web browsers can store our sensitive information such as passwords, emails, addresses, credit card details, and even location.

This is why browser hacking is popular amongst cybercriminals seeking to lay hold of this treasure trove of information.

In this study, we will discuss 5 technology-based solutions to securing your web browser and protecting your private information and money from being stolen.

Here are the top five ways you can enhance the security of your browser:

1. Get Security Browser Extensions

Browser extensions (also called add-ons) are small software programs you install on top of your browser to enhance its functionality.

There are literally thousands of browser extensions available to provide a wide variety of added functions to your browsing experience.

There are extensions available for customization, productivity, shopping, privacy, security, etc.

Security and privacy extensions are highly recommended and encouraged by security professionals for securing browsers.

These range from preventing users from picking up a virus just by visiting a malicious website to blocking retargeting ads and trackers that follow you around the web, even across different devices.

Created by the EFF in collaboration with The Tor Project, this open source extension provides you better security by automatically forcing thousands of websites you visit to serve their HTTPS (‘s’ stands for secure) version if available, instead of their unencrypted HTTP version.

HTTPS is signified by the green padlock icon you see on the address bar of your browser.

Also by the EFF, Privacy Badger is a simple extension that automatically ‘learns’ about and BLOCKS invisible trackers that track you across the web and even on different devices as you use your browser.

Installing Privacy Badger enables “do not track”.

It’s a fire-and-forget kind of extension like HTTPS Everywhere. Just install it, no extra configuration needed.

It makes page loading time significantly faster because it prevents the browser from loading all the extra stuff (ads and trackers) on the website saving you time and bandwidth. But more importantly it protects you from malicious software served by some advertisement networks.

However, many websites depend on advertisement generated revenue. If you’d like to support a website serving ads, you can easily disable uBlock Origin for that site or donate to them using whatever means they have set up to receive donations.

IMPORTANT: uBlock Origin is completely unrelated to the site “ublock.org”. (Read more here).

Cookie AutoDelete is a powerful cookie controller that replaces the internal cookie manager of your browser.

It makes it super easy to manually get rid of all cookies from visited websites or the current website only, with a single click right from the extension.

There is also an option where the cookies are wiped ‘automagically’ when a tab is closed.

Deleting ‘cookies’ is good for privacy, but more importantly you get better security, because cybercriminals who go after your browsing session cookies in order to impersonate you online are brutally stopped.

How do you secure your web browser saved passwords from attackers?

Two things you can do: use a password manager and/or prevent your computer from being infected with malware in the first place.

While how to detect, remove or prevent malware from infecting your computer is not the focus of this study, an actionable step you can take right now is to use a password manager.

You can use LastPass password manager (which we have mentioned earlier) to manage passwords instead of the built-in browser passwords safe.

First, you will have to discontinue saving logins in the browser, then dive into your browser settings to disable that feature.

After that, you should export the login you already have saved there to your LastPass.

And lastly, clear all the records from your browser.

Instead of an automatic password export, I would recommend that you take the time to manually save each password entry from the browser to LastPass and update the passwords with strong randomly generated ones in the process.

Because chances are those passwords are weak and old or may have even been compromised. It’s well worth your trouble taking these extra steps in securing your web browser for your own digital security.

3. Disable Browser Autofill

Autofill is the browser feature that automatically fills out forms on web pages for you with your previously saved user information.

After you have entered something like your name and email into a form on a web page, the next time you visit that page, your previous entry should be available for re-use.

What are the dangers of using Browser Autofill?

Although browser autofill is a useful and time-saving feature, it is a big security risk, which can lead to your personal and financial data being leaked.

Viljami Kuosmanen, a Finnish web developer and hacker, discovered that several browsers could be deceived into leaking more of your private information than you bargained for when using browser autofill systems.

The attacker basically lures their victims to a phishing web page that has an innocent-looking web form. On the surface you may have text fields to enter very basic info like name and email, but hidden behind are many more text fields to collect extra information unknown to you.

This extra information may be your phone number, address and even financial info like your credit card details, etc.

You have to be extra conscious of sites where you fill forms with Autofill; if you do not absolutely trust that site then don’t.

Online shopping websites like Amazon and Jumia are good examples of where you can use Autofill to fill payment details at checkout. This is how I basically use autofill.
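A way to check a form for the hidden-field trick described above before trusting it with Autofill. This is an added example, not code from the original article or from Kuosmanen: the sample form, the style patterns and the names `AutofillAudit` and `audit_form` are assumptions, and only inline styles are inspected.

```python
import re
from html.parser import HTMLParser

VOID = {"input", "br", "img", "hr", "meta", "link"}   # tags with no end tag
FIELDS = {"input", "select", "textarea"}
# Inline styles that take an element out of view. Not exhaustive: stylesheet
# rules and styles applied by script are outside what this check can see.
OUT_OF_VIEW = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0\s*(;|$)"
    r"|(left|top|margin-left|margin-top)\s*:\s*-\d{3,}", re.I)

class AutofillAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []                    # one flag per open element: concealed?
        self.visible, self.concealed = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden = any(self.stack) or bool(OUT_OF_VIEW.search(a.get("style") or ""))
        # type="hidden" inputs are skipped; the target is fillable fields
        # that are only styled out of sight.
        if tag in FIELDS and a.get("type") != "hidden":
            label = a.get("autocomplete") or a.get("name") or "(unnamed)"
            (self.concealed if hidden else self.visible).append(label)
        if tag not in VOID:
            self.stack.append(hidden)

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

def audit_form(html):
    """Split a page's fillable fields into those shown and those concealed."""
    parser = AutofillAudit()
    parser.feed(html)
    parser.close()
    return {"visible": parser.visible, "concealed": parser.concealed}

# Constructed sample: two fields shown to the user, three styled off-screen.
SAMPLE = """
<form action="/subscribe" method="post">
  <input name="name" autocomplete="name">
  <input name="email" autocomplete="email">
  <div style="position:absolute; left:-5000px">
    <input name="phone" autocomplete="tel">
    <input name="address" autocomplete="street-address">
    <input name="cc" autocomplete="cc-number">
  </div>
  <button type="submit">Sign up</button>
</form>
"""

if __name__ == "__main__":
    print(audit_form(SAMPLE))
```

Any entry under `concealed` is a field the page can receive from Autofill without you ever seeing it on screen.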

4. Manage Browser Cookies

A browser cookie is a small ‘piece of data’ a website stores on your web browser when you visit that website.

Its purpose is to help the website keep track of your visits, activities, and identity as you interact with the site.

How can browser cookies affect my browser security and privacy?

Browser cookies in themselves are not bad.

However, they become potentially dangerous and work against you if they ever get hijacked.

For instance, if an attacker can get a hold of your authenticated session cookie, which they can steal via phishing techniques or with malware from your computer or browser, then they can replay the cookie in their own browsers.

The implication of this is that it enables them to be logged in as you WITHOUT needing your username, your password, and/or your second factor code (2FA) assuming you have one set up.

This is a situation where ads follow you around the web gathering bits of information on your browsing habits.

If you’ve ever searched for a product on Amazon and then started to see ads for that product on other websites – especially Facebook, you have been retargeted.

What should I do about Browser cookies?

Cookie tracking can only be reduced but not completely eradicated. And because some websites need it to function properly, you may not disable it entirely.

For example, it is ‘cookies’ that make the items you add to online shopping carts stay. It’s like a memory box for browsers.

However, some third party cookies invade your privacy and you can prevent them from being set on your browser by disabling them in the settings.

Therefore one of the quick ways for securing your web browser is to disable third party cookies. It does not hurt you in any way.

Secondly, to protect the cookies which bear your authenticated session from being hijacked to impersonate you, periodically go into your browser settings to delete cookies you no longer need.

An easy and convenient way to do this is to leverage an automated ‘cookie eating’ browser extension. One we have discussed in this study that I recommend is the Cookie AutoDelete.

5. Update your Browser

I know you’ve heard this before and it sounds like common sense, but it’s VERY important for securing your web browser.

A browser update is usually an upgrade that comes with new/improved features, bug fixes and most importantly, security patches.

For most people, their browser is their first line of defense against the raging attackers on the web, so it’s super important that you are keeping it updated.

This I cannot emphasize enough.

Why is updating my browser so important?

When you use an outdated browser or one that is no longer supported, aside from missing out on all the good stuff that comes with an update, you are at risk of being hacked through a security hole in that browser.

You could be picking up a virus just by visiting a malicious website that an attacker has set up (Internet Explorer I’m looking at you).

Yes you read that right!

Some security holes found in older, retired versions of Internet Explorer can be exploited to hack your entire Windows computer, all through the browser. [Demonstration coming soon]

The Homograph Phishing Attack

Worse still, you could be stuck with a serious browser vulnerability only an update can fix – the IDN Homograph Attack.

Now before I even begin to explain what the Homograph attack is, quickly go over to this proof-of-concept website set up by Xudong Zheng, the Chinese security researcher who discovered the attack.

If your browser displays “https://www.apple.com” then your browser is vulnerable to the homograph attack!

Fake “apple.com” website, EXACTLY the same URL

Now manually type in “apple.com” in the browser address bar and see the difference.

REAL “apple.com” website

The Internationalized Domain Name (IDN) Homograph attack is a way a malicious party may deceive computer users into believing that a website address is legitimate, by abusing the fact that certain Unicode characters are hard to tell apart from common ASCII characters when displayed.

In the above demo website, while it may not be obvious to the casual eye, apple.com uses the Cyrillic “а” (U+0430) rather than the ASCII “a” (U+0061), and Punycode makes it possible to register domains with foreign characters like this.

At the time of the release of Zheng’s discovery, the mainstream web browsers Chrome, Firefox, and Opera were confirmed to be vulnerable to this attack.
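The look-alike check described above, as an added example that is not part of the original article: it decodes Punycode labels, reports which scripts each label mixes, and flags names whose look-alike letters spell a protected domain. The confusables table is a small constructed subset and the function names are assumptions.

```python
import unicodedata

# Constructed subset of Cyrillic letters that render like ASCII letters.
# A production check would load the full Unicode confusables table.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0455": "s",
    "\u0456": "i", "\u04cf": "l",
}

def to_unicode(label):
    """Decode an 'xn--' (Punycode) label; return other labels unchanged."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def to_ace(label):
    """Encode a non-ASCII label to the ASCII 'xn--' form used in DNS."""
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")

def scripts(label):
    """Scripts in a label, read from the first word of each character name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def audit_host(host, protected=("apple.com",)):
    """Report how a host name displays and whether it imitates a protected name."""
    labels = [to_unicode(l) for l in host.rstrip(".").split(".")]
    display = ".".join(labels)
    skeleton = "".join(CONFUSABLES.get(ch, ch) for ch in display).lower()
    imitates = skeleton in protected and display.lower() != skeleton
    return {
        "display": display,
        "ace": ".".join(to_ace(l) for l in labels),
        "mixed_script": any(len(scripts(l)) > 1 for l in labels),
        "imitates": skeleton if imitates else None,
    }

if __name__ == "__main__":
    # Constructed inputs: all-Cyrillic label, one swapped letter, the real name.
    for host in ("\u0430\u0440\u0440\u04cf\u0435.com", "\u0430pple.com", "apple.com"):
        print(audit_host(host))
```

The all-Cyrillic label is not mixed-script, which is why a mixed-script rule alone does not catch it and the look-alike comparison is needed as well.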

Chrome now even displays a red arrow on their mobile browser app whenever you are behind on updates.

“Update Chrome” warning on Android

Secondly, stick to using only browsers which have ongoing support and are updated regularly by their developers.

You should make your choice of browser to use from the list of best web browsers available such as Chrome, Firefox, Opera, and Edge.

Important! If your company policy still restricts employees to the use of Internet Explorer as the base browser in your organization, you are committing a cyber security sin.

Microsoft, the developer of the once super popular web browser Internet Explorer (IE), has since ended support for ALL versions of the browser except IE version 11 (which would continue to receive updates and support).

Lastly, simply using an up-to-date version of your browser addresses the Homograph issues on Chrome and Opera web browsers.

Google fixed the Unicode Phishing vulnerability in Chrome version 59 and Opera Software released a security patch in Opera Stable v44.0.2510.1449.

Mozilla does not have an official fix yet for Firefox but users can in the meantime disable Punycode support manually.

step 1: Type about:config in your Firefox address bar and hit enter.

step 2: Search for Punycode

step 3: This will bring up network.IDN_show_punycode. Double-click, right-click or toggle to modify the value to True.

Final Thoughts

In this study, we discussed the top 5 ways, assisted by technology, that can get you rock solid browser security.

If you put into practice what we’ve discussed here, you will not only be securing your web browser but also boosting your online privacy, as well as no longer being low-hanging fruit for cyber attackers on the internet.

That’s it! Thank you for reading.

Feel free to leave me a comment if you have any questions or think I have left anything out.


About The Author

My name is Ojo Iszy, I am an ethical hacker and cybersecurity expert. I started to learn hacking way back in 2014 completely through self-education. This gave me the opportunity to gain very sound & practical experience in cybersecurity and ethical hacking. Now I focus all of my time and energy teaching the best of what I have learned through the years on this blog, my YouTube channel, and in my online courses (launching soon).